Overview

overview

7

Static

static

3

155绿色�...��.url

windows7-x64

1

155绿色�...��.url

windows10-2004-x64

1

p2pover.exe

windows7-x64

7

p2pover.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$TEMP/winp...et.dll

windows7-x64

3

$TEMP/winp...et.dll

windows10-2004-x64

3

$TEMP/winp...ta.dll

windows7-x64

3

$TEMP/winp...ta.dll

windows10-2004-x64

3

$TEMP/winp...et.dll

windows7-x64

3

$TEMP/winp...et.dll

windows10-2004-x64

3

$TEMP/winp...pf.sys

windows7-x64

1

$TEMP/winp...pf.sys

windows10-2004-x64

1

$TEMP/winp...64.sys

windows7-x64

1

$TEMP/winp...64.sys

windows10-2004-x64

1

$TEMP/winp...ls.dll

windows7-x64

3

$TEMP/winp...ls.dll

windows10-2004-x64

3

$TEMP/winp...VC.dll

windows7-x64

3

$TEMP/winp...VC.dll

windows10-2004-x64

3

$TEMP/winp...ap.dll

windows7-x64

3

$TEMP/winp...ap.dll

windows10-2004-x64

3

LiteUnzip.dll

windows7-x64

3

LiteUnzip.dll

windows10-2004-x64

3

LiteZip.dll

windows7-x64

3

LiteZip.dll

windows10-2004-x64

3

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    8dbf6dffb2b425c0e6f0d44cb0697460_JaffaCakes118

  • Size

    3.0MB

  • MD5

    8dbf6dffb2b425c0e6f0d44cb0697460

  • SHA1

    74ec1ada650f642f385617dbc1cc5b5b6aa8e0e9

  • SHA256

    bae48b479413a71c628fc8d8d0b8821f48379eecf160d875925e77801d72ab8d

  • SHA512

    e78c8a1ebf5f27c0086922de594cbc37dd7e706c52d0f0666711e5a83256973a7557682bcaac5bd53e379a93672aff08a63055ab7a8646ae19b680a97cf54fac

  • SSDEEP

    49152://bMxOURF+81Dil3XX2DXsHnqLxKpADyK/dN4VE4KAbBvyc+KPoQlZsw:39U+81+xsynLpqlN4VEkbFRDXD

Score
3/10

Malware Config

Signatures

  • Unsigned PE 30 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs
    installer

Files

  • 8dbf6dffb2b425c0e6f0d44cb0697460_JaffaCakes118
    .rar
  • 155绿色软件站.url
    .url
  • p2pover.exe
    .exe windows:4 windows x86 arch:x86

    97318da386948415d08cef4a9006d669


    Headers

    Imports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/KillProcDLL.dll
    .dll windows:4 windows x86 arch:x86

    815c88741b87a0210c457b00b57bf9c6


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    4ec328f99bdd944fc98d8a5cf11f7a62


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $TEMP/winpcap40/Packet.dll
    .dll windows:4 windows x86 arch:x86

    088fedd367765cf098ba8150e3ad9014


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $TEMP/winpcap40/PacketVista.dll
    .dll windows:4 windows x86 arch:x86

    125f6213a1434f84285a3dc24077bb0e


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $TEMP/winpcap40/WanPacket.dll
    .dll windows:4 windows x86 arch:x86

    c4f10a94feffedd44a2a094b559256d7


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $TEMP/winpcap40/npf.sys
    .sys windows:6 windows x86 arch:x86

    5d756b1deabd7b6ee3f068c3a075da59


    Code Sign

    Headers

    Imports

    Sections

  • $TEMP/winpcap40/npf64.sys
    .sys windows:6 windows x64 arch:x64

    4984370b0a32e217ec04e87b22d6fede


    Code Sign

    Headers

    Imports

    Sections

  • $TEMP/winpcap40/npptools.dll
    .dll windows:5 windows x86 arch:x86

    8a413931cc2969954673fc05bd8fd353


    Headers

    Imports

    Exports

    Sections

  • $TEMP/winpcap40/pthreadVC.dll
    .dll windows:4 windows x86 arch:x86

    90ee61357770484e2d085958b94141a3


    Headers

    Imports

    Exports

    Sections

  • $TEMP/winpcap40/wpcap.dll
    .dll windows:4 windows x86 arch:x86

    6a6ab6ea5f347cadbd2f3e8091a86bbb


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • LiteUnzip.dll
    .dll windows:4 windows x86 arch:x86

    39d9f1f80dba9c8cd529de9f5dcfb84e


    Headers

    Imports

    Exports

    Sections

  • LiteZip.dll
    .dll windows:4 windows x86 arch:x86

    d106e627907a9a6d85cce365108761b2


    Headers

    Imports

    Exports

    Sections

  • Uninstall.exe
    .exe windows:4 windows x86 arch:x86

    97318da386948415d08cef4a9006d669


    Headers

    Imports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/KillProcDLL.dll
    .dll windows:4 windows x86 arch:x86

    815c88741b87a0210c457b00b57bf9c6


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/LangDLL.dll
    .dll windows:4 windows x86 arch:x86

    946eb0a1e85c9ade4acaf634eb5a64f1


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • acl/WWW[ʱ].acl
  • acl/WWWģ[ʱ].acl
  • acl/[ʱ].acl
  • acl/P2P[ʱ].acl
  • adbrowser.exe
    .exe windows:4 windows x86 arch:x86

    14373624fb3d7401ef847d0c7c27a7df


    Headers

    Imports

    Exports

    Sections

  • backup.ini
  • bwtest.exe
    .exe windows:4 windows x86 arch:x86

    9755d59a18ef5217a97d67fd73c2ce5f


    Headers

    Imports

    Sections

  • bwtest.ico
  • config/ed2k.dat
  • config/sample.blk
  • config/sample.wht
  • core.dll
    .dll windows:4 windows x86 arch:x86

    b3383dfdf5ebf1bee49b8502fe355d28


    Headers

    Imports

    Exports

    Sections

  • detoured.dll
    .dll windows:4 windows x86 arch:x86

    6c8408bb5d7d5a5b75b9314f94e68763


    Headers

    Imports

    Exports

    Sections

  • lang/chs/config.dll
    .dll windows:4 windows x86 arch:x86

    0f6f76191f0eaba8a88d06d71202c598


    Headers

    Imports

    Exports

    Sections

  • lang/chs/gui.xml
  • lang/chs/rsc.dll
    .dll windows:4 windows x86 arch:x86

    5c54715227e960c5019e7a45d4b9d02a


    Headers

    Imports

    Sections

  • lang/eng/config.dll
    .dll windows:4 windows x86 arch:x86

    0f6f76191f0eaba8a88d06d71202c598


    Headers

    Imports

    Exports

    Sections

  • lang/eng/gui.xml
  • lang/eng/rsc.dll
    .dll windows:4 windows x86 arch:x86

    5c54715227e960c5019e7a45d4b9d02a


    Headers

    Imports

    Sections

  • lang/string.dat
  • list/WWWģ.wht
  • list/WWWģ.blk
  • mac-prefixes
  • modules/dlctrl.dll
    .dll windows:4 windows x86 arch:x86

    b986a2e48331012062e0fbc635631320


    Headers

    Imports

    Exports

    Sections

  • modules/imctrl.dll
    .dll windows:4 windows x86 arch:x86

    d0828209b8ce9e3c8410df6207db4861


    Headers

    Imports

    Exports

    Sections

  • modules/p2pctrl.dll
    .dll windows:4 windows x86 arch:x86

    c62bc5399958dccfb27611997287d5bb


    Headers

    Imports

    Exports

    Sections

  • modules/sitectrl.dll
    .dll windows:4 windows x86 arch:x86

    8a43421642bee18bcb50bc92f274a77c


    Headers

    Imports

    Exports

    Sections

  • p2pfilter.sys
    .sys windows:4 windows x86 arch:x86

    595687010f92ae0ff547af4bee977f33


    Headers

    Imports

    Sections

  • p2pover.exe
    .exe windows:4 windows x86 arch:x86

    f5da669d1bb915e2f2d38c1ce7df32f2


    Headers

    Imports

    Exports

    Sections

  • pvt.dat
  • pvt.dll
    .dll windows:4 windows x86 arch:x86

    c7b0d7e04c4d964d398dc70595a40760


    Headers

    Imports

    Exports

    Sections

  • readme.txt
  • rule.dat
  • schedule.dat
  • setup.dat
  • skins/office2007.ski
    .dll windows:4 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • skins/vista.ski
    .dll windows:4 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • stat.dll
    .dll windows:4 windows x86 arch:x86

    839bf7d32ff7bf3a001990de2af88107


    Headers

    Imports

    Exports

    Sections

  • tbw.ico
  • tour/tour.exe
    .exe windows:4 windows x86 arch:x86

    edac6f2832c09832b3092087830a038a


    Headers

    Imports

    Sections

  • update.dll
    .dll windows:4 windows x86 arch:x86

    536314b2a90ee7ef28d8b503473edf37


    Headers

    Imports

    Exports

    Sections

  • version.dat